
Secure File Sharing for Insurance Companies: Protecting Consumer Privacy
Secure file sharing for insurance companies is an industry requirement. This post explains why.
Insurance companies are facing two big challenges, and both have to do with information. The first challenge is making information available to an increasingly mobile workforce, despite the fact that it is distributed across multiple data silos. The second challenge is secure file sharing—keeping personally identifiable information (PII) and protected health information (PHI) safe from malicious or careless insiders and dangerous outsiders, like hackers and criminal syndicates. In an earlier post, we addressed the first challenge. In this blog post, we will focus on the second challenge.
Why Secure File Sharing for Insurance Companies is Needed
The headlines tell the story: data breaches are common and costly. Along with retailers and hospitals, insurance companies are under attack from hackers and criminal syndicates. Successful data breaches against insurance companies have yielded private data on hundreds of millions of consumers and led to regulatory penalties and costly lawsuits. In a few cases, hackers did not have to break into insurance company networks at all. Instead, security lapses exposed unencrypted data to the public.
Here are some recent examples of what happens when a breakdown in secure file sharing for insurance companies occurs:
- When hackers breached Anthem’s network using a simple password hack, they were able to steal unencrypted PII for 8 million current and previous customers and employees. The breach, which affected approximately one in four Americans, was the largest in healthcare history. Mitigation costs are projected to exceed $100 million—the amount covered by the company’s data security insurance through AIG. The company is still facing a fine that could reach $1.5 million for violating the data security rule of the Health Insurance Portability and Accountability Act (HIPAA). In addition, several class action lawsuits are pending. They could end up costing the company billions of dollars.
- Excellus Blue Cross Blue Shield was likely breached sometime in 2013. Over the next two years, hackers stole PII belonging to over 10 million consumers, including some Social Security numbers and credit card information. Information about the cost of the breach is still pending. The Ponemon Institute has estimated that the typical cost of a data breach in the healthcare industry is $363 per record. Were this estimate to apply to the Excellus breach, the total cost could approach $4 billion.
- Premera Blue Cross Blue Shield was hit by a data breach affecting 11 million customers, the company announced in March 2015. For the previous year, hackers may have had access to “claims data, including clinical information, along with banking account numbers, Social Security numbers, birth dates and other data.” The breach was the largest to date involving patient records.
- WellPoint failed to protect over 600,000 medical records from Internet access. For violating the HIPAA Security Rule, the U.S. Department of Health and Human Services (HHS) fined the company $1.7 million.
- Zurich Insurance lost an unencrypted backup tape containing PII for 46,000 customers in 2010. The UK Information Commissioner’s Office (ICO) fined the company £2,000,000, then the Financial Services Authority hit the company with a separate fine of £2,275,000.
The risks here are obvious. Hackers are targeting insurers for valuable PII. On the black market, healthcare records now sell for 10-20 times the value of stolen credit card records, in part because EMV technology is making credit card fraud more difficult to perpetrate.
But breakdowns in secure file sharing for insurance companies occur even without hackers. Removable media, such as unencrypted disk drives, create significant content security risks. In its annual report on data breaches, Verizon noted 9,701 incidents of laptops, backup tapes, or other media being lost or stolen in 2015. The problem is most widespread in government and healthcare.
Clearly, a redoubling of efforts is needed in order to achieve secure file sharing for insurance companies. Strengthening password protection, encrypting data, using secure cloud storage instead of removable media—these and other security best practices would significantly bolster secure file sharing for insurance companies.
The Solution
The Kiteworks secure file sharing and governance platform enables secure file sharing for insurance companies.
With the Kiteworks platform, insurance companies protect PII and other content from costly data breaches by enforcing state-of-the-art security controls to protect PII wherever it is—in the cloud, in transit, on a desktop, laptop, tablet or mobile device.
More than 15 million business users and 2,500 of the world’s leading enterprises—including leading insurance companies—trust Kiteworks to securely share PII and other sensitive information with external partners, from any location, using any device.
To help address the challenges of secure file sharing for insurance companies, the Kiteworks platform provides:
- Encryption in transit and at rest
- Encryption key ownership
- FIPS 140-2 certification
- Integration with SSO, LDAP/AD, DLP, ATP, SIEM, and MFA/2FA
- Virtual hardened appliance
- On-premise, private, hybrid, or hosted deployment options
- No vendor access to content or metadata
- Embedded anti-virus (AV) and native 2FA
The risk of data breaches will continue. And enterprises of all sizes will continue feeling the pressure to secure their most sensitive information while increasing productivity and operational efficiency.
Kiteworks addresses both these challenges.
To learn more about how Kiteworks provides secure file sharing for insurance companies and other financial services organizations, schedule a custom demo of Kiteworks today.
Frequently Asked Questions
Secure file sharing is a way of transferring files between two or more computers, all while ensuring that the data remains secure and confidential. Encryption, data loss prevention (DLP), advanced threat protection (ATP), and multi-factor authentication (MFA) are just some of the security features used to enable secure file sharing.
Secure file sharing typically involves encrypting files during transit and ensuring they can only be accessed by users with the correct credentials, typically a username and password. Once downloaded, the files are also encrypted locally on the user’s device. This prevents unauthorized users from viewing them without the correct credentials. Some secure file sharing systems also provide an audit trail, so that administrators can track who has accessed each file.
Secure file sharing helps organizations keep their data safe and secure. By encrypting the data as it is transferred, secure file sharing prevents hackers and malicious actors from stealing or altering data. Additionally, secure file sharing can help organizations comply with data regulations and industry standards.
Regular file sharing is not encrypted, which means the data can be intercepted and read. Secure file sharing, on the other hand, uses encryption algorithms to scramble the data before it is sent, making it unreadable to anyone without the encryption key.
Yes, secure file sharing requires a secure connection. This means that the connection must use a secure protocol such as SFTP, FTPS, or HTTPS.